[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Fri May 11 10:03:02 UTC 2018


The branch, master has been updated
       via  1766f77 winbind: Fix UPN handling in canonicalize_username()
       via  a05b63d winbind: Fix UPN handling in parse_domain_user()
       via  32770e9 winbind: Remove unused function parse_domain_user_talloc()
       via  789c89e winbind: Pass upn unmodified to lookup names
       via  2715f52 nsswitch:tests: Add test for wbinfo --user-info
       via  5319cae selftest: Add a user with a different userPrincipalName
       via  4fa811e nsswitch: Lookup the domain in tests with the wb seperator
       via  0aceca6 nsswitch: Add a test looking up domain sid
       via  0d2f743 nsswitch: Add a test looking up the user using the upn
       via  9bc2b92 selftest: Make sure we have correct group mappings
      from  569937b tests: Add tests for samba-tool passwordsettings commands

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1766f77493c5a76e4d7d1e5eedcaa150cc9ea552
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Apr 26 17:32:42 2018 +0200

    winbind: Fix UPN handling in canonicalize_username()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Fri May 11 12:02:37 CEST 2018 on sn-devel-144

commit a05b63db627fdbe0bdea4d144dfaeedb39025592
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Apr 26 12:17:12 2018 +0200

    winbind: Fix UPN handling in parse_domain_user()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 32770e929ace8fe3f2469037ed887be14b3c5503
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Apr 26 17:23:41 2018 +0200

    winbind: Remove unused function parse_domain_user_talloc()
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 789c89e6ecb7d388fb5acdd5abc8fe99c58524f0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Feb 22 14:10:28 2018 +0100

    winbind: Pass upn unmodified to lookup names
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Pair-Programmed-With: Andreas Schneider <asn at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Andreas Schneider <asn at samba.org>

commit 2715f52f54e66a73131a92d752a8c2447da1fd33
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Apr 20 11:20:44 2018 +0200

    nsswitch:tests: Add test for wbinfo --user-info
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 5319cae00096dcecc29aa9fa675a983352ad64d8
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Apr 20 09:38:24 2018 +0200

    selftest: Add a user with a different userPrincipalName
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 4fa811ec7bc301e96f5e40ba281e8d4e8709b94f
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 7 13:23:42 2018 +0200

    nsswitch: Lookup the domain in tests with the wb seperator
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 0aceca6a94e868f9c01a66f79624ca10d80560ab
Author: Andreas Schneider <asn at samba.org>
Date:   Fri May 4 12:43:05 2018 +0200

    nsswitch: Add a test looking up domain sid
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 0d2f743d826b87b369e25fc6bb9ff61f2b0896aa
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Apr 20 11:24:30 2018 +0200

    nsswitch: Add a test looking up the user using the upn
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 9bc2b922bbc6539341a2056f33f117ac350e61f1
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 7 16:20:30 2018 +0200

    selftest: Make sure we have correct group mappings
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/tests/test_idmap_ad.sh           |  2 +-
 nsswitch/tests/test_idmap_nss.sh          |  4 +-
 nsswitch/tests/test_idmap_rid.sh          |  2 +-
 nsswitch/tests/test_wbinfo_name_lookup.sh | 13 ++++-
 nsswitch/tests/test_wbinfo_user_info.sh   | 83 +++++++++++++++++++++++++++++++
 selftest/knownfail.d/upn_handling         |  8 +++
 selftest/target/Samba3.pm                 |  9 ++++
 selftest/target/Samba4.pm                 | 19 ++++++-
 source3/selftest/tests.py                 | 16 +++++-
 source3/winbindd/wb_lookupname.c          |  8 +--
 source3/winbindd/wb_xids2sids.c           |  1 +
 source3/winbindd/winbindd_cache.c         |  5 +-
 source3/winbindd/winbindd_ccache_access.c | 43 +++++++++++-----
 source3/winbindd/winbindd_creds.c         |  3 +-
 source3/winbindd/winbindd_getgrnam.c      | 18 +++++--
 source3/winbindd/winbindd_getgroups.c     | 13 ++++-
 source3/winbindd/winbindd_getpwnam.c      | 13 ++++-
 source3/winbindd/winbindd_irpc.c          |  7 ++-
 source3/winbindd/winbindd_lookupname.c    | 17 ++++---
 source3/winbindd/winbindd_pam.c           | 83 +++++++++++++++++++++++--------
 source3/winbindd/winbindd_pam_auth.c      | 11 ++--
 source3/winbindd/winbindd_pam_chauthtok.c | 12 +++--
 source3/winbindd/winbindd_pam_logoff.c    | 12 +++--
 source3/winbindd/winbindd_proto.h         | 19 ++++---
 source3/winbindd/winbindd_util.c          | 63 ++++++++++++-----------
 25 files changed, 375 insertions(+), 109 deletions(-)
 create mode 100755 nsswitch/tests/test_wbinfo_user_info.sh
 create mode 100644 selftest/knownfail.d/upn_handling


Changeset truncated at 500 lines:

diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
index 2f4ee32..7450ae0 100755
--- a/nsswitch/tests/test_idmap_ad.sh
+++ b/nsswitch/tests/test_idmap_ad.sh
@@ -20,7 +20,7 @@ failed=0
 
 . `dirname $0`/../../testprogs/blackbox/subunit.sh
 
-DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ")
+DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ")
 if [ $? -ne 0 ] ; then
     echo "Could not find domain SID" | subunit_fail_test "test_idmap_ad"
     exit 1
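Review bot: The `if [ $? -ne 0 ]` check after the changed `DOMAIN_SID=` line tests the exit status of `cut`, the last command in the pipeline, so a failing `wbinfo -n "$DOMAIN/"` is not detected and the script continues with an empty `DOMAIN_SID`. Run `wbinfo` on its own, check its status, then cut the SID out of the captured output. The new lookup also hardcodes `/` as the separator; if the intent is to use the winbind separator, take it from the environment rather than embedding it in three test scripts.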
diff --git a/nsswitch/tests/test_idmap_nss.sh b/nsswitch/tests/test_idmap_nss.sh
index 5072a0d..1bbc177 100755
--- a/nsswitch/tests/test_idmap_nss.sh
+++ b/nsswitch/tests/test_idmap_nss.sh
@@ -13,8 +13,8 @@ failed=0
 
 . `dirname $0`/../../testprogs/blackbox/subunit.sh
 
-testit "wbinfo returns domain SID" $wbinfo -n "@$DOMAIN" || exit 1
-DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ")
+testit "wbinfo returns domain SID" $wbinfo -n "$DOMAIN/" || exit 1
+DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ")
 echo "Domain $DOMAIN has SID $DOMAIN_SID"
 
 # Find an unused uid and SID
diff --git a/nsswitch/tests/test_idmap_rid.sh b/nsswitch/tests/test_idmap_rid.sh
index 7fb5985..8209a50 100755
--- a/nsswitch/tests/test_idmap_rid.sh
+++ b/nsswitch/tests/test_idmap_rid.sh
@@ -16,7 +16,7 @@ failed=0
 
 . `dirname $0`/../../testprogs/blackbox/subunit.sh
 
-DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ")
+DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ")
 if [ $? -ne 0 ] ; then
     echo "Could not find domain SID" | subunit_fail_test "test_idmap_rid"
     exit 1
diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
index 696e25b..c1d39c1 100755
--- a/nsswitch/tests/test_wbinfo_name_lookup.sh
+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
@@ -8,8 +8,9 @@ exit 1;
 fi
 
 DOMAIN=$1
-DC_USERNAME=$2
-shift 2
+REALM=$2
+DC_USERNAME=$3
+shift 3
 
 failed=0
 sambabindir="$BINDIR"
@@ -22,6 +23,14 @@ testit "name-to-sid.single-separator" \
        $wbinfo -n $DOMAIN/$DC_USERNAME || \
 	failed=$(expr $failed + 1)
 
+testit "name-to-sid.at_domain" \
+       $wbinfo -n $DOMAIN/ || \
+	failed=$(expr $failed + 1)
+
+testit "name-to-sid.upn" \
+       $wbinfo -n $DC_USERNAME@$REALM || \
+	failed=$(expr $failed + 1)
+
 # Two separator characters should fail
 testit_expect_failure "name-to-sid.double-separator" \
 		      $wbinfo -n $DOMAIN//$DC_USERNAME || \
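Review bot: The new test named `name-to-sid.at_domain` looks up `$DOMAIN/`, not an `@$DOMAIN` form, so the name no longer describes what is exercised; something like `name-to-sid.domain-only` would be clearer in failure reports. In `name-to-sid.upn`, `$DC_USERNAME@$REALM` is passed unquoted, which is worth quoting so a username with whitespace or glob characters cannot change the argument list.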
diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh
new file mode 100755
index 0000000..2803ac1
--- /dev/null
+++ b/nsswitch/tests/test_wbinfo_user_info.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+# Blackbox test for wbinfo lookup for account name and upn
+# Copyright (c) 2018 Andreas Schneider <asn at samba.org>
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: $(basename $0) DOMAIN REALM USERNAME1 UPN_NAME1 USERNAME2 UPN_NAME2
+EOF
+exit 1;
+fi
+
+DOMAIN=$1
+REALM=$2
+USERNAME1=$3
+UPN_NAME1=$4
+USERNAME2=$5
+UPN_NAME2=$6
+shift 6
+
+failed=0
+
+samba_bindir="$BINDIR"
+wbinfo_tool="$VALGRIND $samba_bindir/wbinfo"
+
+UPN1="$UPN_NAME1@$REALM"
+UPN2="$UPN_NAME2@$REALM"
+
+. $(dirname $0)/../../testprogs/blackbox/subunit.sh
+
+test_user_info()
+{
+	local cmd out ret user domain upn userinfo
+
+	domain="$1"
+	user="$2"
+	upn="$3"
+
+	if [ $# -lt 3 ]; then
+		userinfo="$domain/$user"
+	else
+		userinfo="$upn"
+	fi
+
+	cmd='$wbinfo_tool --user-info $userinfo'
+	eval echo "$cmd"
+	out=$(eval $cmd)
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		echo "failed to lookup $userinfo"
+		echo "$out"
+		return 1
+	fi
+
+	echo "$out" | grep "$domain/$user:.*:.*:.*::/home/$domain/Domain Users/$user"
+	ret=$?
+	if [ $ret != 0 ]; then
+		echo "failed to lookup $userinfo"
+		echo "$out"
+		return 1
+	fi
+
+	return 0
+}
+
+testit "name_to_sid.domain.$USERNAME1" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME1 || failed=$(expr $failed + 1)
+testit "name_to_sid.upn.$UPN_NAME1" $wbinfo_tool --name-to-sid $UPN1 || failed=$(expr $failed + 1)
+
+testit "user_info.domain.$USERNAME1" test_user_info $DOMAIN $USERNAME1 || failed=$(expr $failed + 1)
+testit "user_info.upn.$UPN_NAME1" test_user_info $DOMAIN $USERNAME1 $UPN1 || failed=$(expr $failed + 1)
+
+testit "name_to_sid.domain.$USERNAME2" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME2 || failed=$(expr $failed + 1)
+testit "name_to_sid.upn.$UPN_NAME2" $wbinfo_tool --name-to-sid $UPN2 || failed=$(expr $failed + 1)
+
+testit "user_info.domain.$USERNAME2" test_user_info $DOMAIN $USERNAME2 || failed=$(expr $failed + 1)
+testit "user_info.upn.$UPN_NAME2" test_user_info $DOMAIN $USERNAME2 $UPN2 || failed=$(expr $failed + 1)
+
+USERNAME3="testdenied"
+UPN_NAME3="testdenied_upn"
+UPN3="$UPN_NAME3@${REALM}.upn"
+testit "name_to_sid.upn.$UPN_NAME3" $wbinfo_tool --name-to-sid $UPN3 || failed=$(expr $failed + 1)
+testit "user_info.upn.$UPN_NAME3" test_user_info $DOMAIN $USERNAME3 $UPN3 || failed=$(expr $failed + 1)
+
+exit $failed
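Review bot: The argument guard `if [ $# -lt 5 ]` does not match the rest of the script, which documents six positional parameters, reads `$6` into `UPN_NAME2` and then runs `shift 6`. With exactly five arguments the guard passes, `UPN2` becomes `@$REALM` and the shift is out of range; the guard should be `-lt 6`. In `test_user_info`, the `cmd='...'` plus `eval` pair re-parses `$userinfo` as shell input for no visible benefit; calling `$wbinfo_tool --user-info "$userinfo"` directly avoids the second evaluation and the word splitting. `local` is also not guaranteed under `#!/bin/sh`.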
diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling
new file mode 100644
index 0000000..bcbedb4
--- /dev/null
+++ b/selftest/knownfail.d/upn_handling
@@ -0,0 +1,8 @@
+^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member
+^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member
+^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc
+^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc
+^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc
+^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc
+^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc
+^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc
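Review bot: This knownfail file is added without any comment saying why the eight entries are expected to fail or which bug tracks them. Several of them are plain `user_info.domain.alice` and `user_info.domain.jane` lookups on `fl2008r2dc`, not only UPN cases, so it is not obvious from the file which failures the series is meant to leave open. A short header comment with the bug reference and the reason per environment would let a later reader decide when an entry can be removed.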
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 6c86701..2b1752f 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -2412,6 +2412,9 @@ sub wait_for_start($$$$$)
 	$netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
 	$netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} ";
 
+	$cmd = $netcmd . "groupmap delete ntgroup=domusers";
+	$ret = system($cmd);
+
 	$cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain";
 	$ret = system($cmd);
 	if ($ret != 0) {
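Review bot: The result of the added `groupmap delete ntgroup=domusers` call is stored in `$ret` and then overwritten by the following `groupmap add` without being looked at. If ignoring a failed delete is intentional because the mapping may not exist yet, say so in a comment and drop the assignment, so it does not read as a forgotten check. The same pattern repeats for `domadmins` and `everyone` in the next two hunks.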
@@ -2419,6 +2422,9 @@ sub wait_for_start($$$$$)
 		return 1;
 	}
 
+	$cmd = $netcmd . "groupmap delete ntgroup=domadmins";
+	$ret = system($cmd);
+
 	$cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain";
 	$ret = system($cmd);
 	if ($ret != 0) {
@@ -2426,6 +2432,9 @@ sub wait_for_start($$$$$)
 		return 1;
 	}
 
+	$cmd = $netcmd . "groupmap delete ntgroup=everyone";
+	$ret = system($cmd);
+
 	$cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin";
 	$ret = system($cmd);
 	if ($ret != 0) {
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 51a175b..5353779 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -877,7 +877,7 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
 	}
 
 	# Create to users alice and bob!
-	my $user_account_array = ["alice", "bob"];
+	my $user_account_array = ["alice", "bob", "jane"];
 
 	foreach my $user_account (@{$user_account_array}) {
 		my $samba_tool_cmd = "";
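Review bot: The comment above the changed line still reads "Create to users alice and bob!" although the array now also contains `jane`. Update the comment together with the list, and mention that `jane` exists to carry a userPrincipalName that differs from the account name.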
@@ -892,6 +892,23 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
 		}
 	}
 
+	my $ldbmodify = "";
+	$ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+	$ldbmodify .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
+	$ldbmodify .= Samba::bindir_path($self, "ldbmodify");
+
+	my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm}));
+	my $user_dn = "cn=jane,cn=users,$base_dn";
+
+	open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
+	print LDIF "dn: $user_dn
+changetype: modify
+replace: userPrincipalName
+userPrincipalName: jane.doe\@$ctx->{realm}
+-
+";
+	close(LDIF);
+
 	return $ret;
 }
 
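Review bot: The new `open(LDIF, "|$ldbmodify ...")` and `close(LDIF)` calls are not checked, so if `ldbmodify` cannot start or exits non-zero the setup still returns `$ret` and `jane` keeps her default userPrincipalName. The UPN tests would then fail far from the cause. Check the return of `open`, and of `close` (which reports the child's exit status for a pipe), and return `undef` on failure as the surrounding provisioning code does for its other steps. A lexical filehandle with the three-argument form of `open` would also be preferable to the bareword `LDIF`.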
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c234679..5ebebb5 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -214,7 +214,21 @@ plantestsuite("samba3.wbinfo_simple.(%s:local).%s" % (env, t), "%s:local" % env,
 plantestsuite("samba3.wbinfo_name_lookup", env,
               [ os.path.join(srcdir(),
                             "nsswitch/tests/test_wbinfo_name_lookup.sh"),
-                '$DOMAIN', '$DC_USERNAME' ])
+                '$DOMAIN', '$REALM', '$DC_USERNAME' ])
+
+env = "ad_member:local"
+plantestsuite("samba3.wbinfo_user_info", env,
+              [ os.path.join(srcdir(),
+                            "nsswitch/tests/test_wbinfo_user_info.sh"),
+                '$DOMAIN', '$REALM', 'alice', 'alice', 'jane', 'jane.doe' ])
+
+env = "fl2008r2dc:local"
+plantestsuite("samba3.wbinfo_user_info", env,
+              [ os.path.join(srcdir(),
+                            "nsswitch/tests/test_wbinfo_user_info.sh"),
+                '$TRUST_DOMAIN', '$TRUST_REALM', 'alice', 'alice', 'jane', 'jane.doe' ])
+
+env = "ad_member"
 t = "WBCLIENT-MULTI-PING"
 plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""])
 plantestsuite("samba3.substitutions", env, [os.path.join(samba3srcdir, "script/tests/test_substitutions.sh"), "$SERVER", "alice", "Secret007", "$PREFIX"])
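Review bot: The added block reassigns the shared `env` variable to `ad_member:local` and `fl2008r2dc:local` and then restores it with a hardcoded `env = "ad_member"`. That only stays correct as long as the value before this block really was `ad_member`; a later edit above would silently move `WBCLIENT-MULTI-PING` and `samba3.substitutions` to a different environment. Passing the environment strings directly to the two new `plantestsuite` calls, or using a separate local name, avoids touching `env` at all.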
diff --git a/source3/winbindd/wb_lookupname.c b/source3/winbindd/wb_lookupname.c
index 1dd6b68..c7b027b 100644
--- a/source3/winbindd/wb_lookupname.c
+++ b/source3/winbindd/wb_lookupname.c
@@ -35,7 +35,9 @@ static void wb_lookupname_done(struct tevent_req *subreq);
 
 struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx,
 				      struct tevent_context *ev,
-				      const char *dom_name, const char *name,
+				      const char *namespace,
+				      const char *dom_name,
+				      const char *name,
 				      uint32_t flags)
 {
 	struct tevent_req *req, *subreq;
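Review bot: The new `namespace` parameter of `wb_lookupname_send()` is added without any comment describing how it differs from `dom_name` and what callers should pass when the name they parsed has no namespace part. Since every caller has to be updated to supply it, a short doc comment at the function stating which value selects the domain to ask and which value is sent in the lookup would prevent callers from passing the same string twice out of habit.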
@@ -61,9 +63,9 @@ struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
-	domain = find_lookup_domain_from_name(state->dom_name);
+	domain = find_lookup_domain_from_name(namespace);
 	if (domain == NULL) {
-		DEBUG(5, ("Could not find domain for %s\n", state->dom_name));
+		DEBUG(5, ("Could not find domain for %s\n", namespace));
 		tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
 		return tevent_req_post(req, ev);
 	}
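Review bot: The `DEBUG(5, ...)` message on the failure path now prints only `namespace`, while the request is still for `state->dom_name` and `name`. When routing fails for a UPN lookup, the log line will not show which name was being resolved. Logging both the namespace and the domain name in this message would make these failures diagnosable from the winbindd log alone.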
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index a2a4493..0d21e55 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -185,6 +185,7 @@ static void wb_xids2sids_init_dom_maps_lookupname_next(
 	subreq = wb_lookupname_send(state,
 				    state->ev,
 				    dom_maps[state->dom_idx].name,
+				    dom_maps[state->dom_idx].name,
 				    "",
 				    LOOKUP_NAME_NO_NSS);
 	if (tevent_req_nomem(subreq, state->req)) {
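Review bot: The call now passes `dom_maps[state->dom_idx].name` twice in a row with nothing to tell the two arguments apart, which reads like a copy and paste slip. `winbindd_creds.c` in this same change marks the first argument with a `/* namespace */` comment; doing the same here would keep the call sites consistent.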
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 9f9e878..2778e27 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3221,7 +3221,8 @@ bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 	return NT_STATUS_IS_OK(status);
 }
 
-bool lookup_cached_name(const char *domain_name,
+bool lookup_cached_name(const char *namespace,
+			const char *domain_name,
 			const char *name,
 			struct dom_sid *sid,
 			enum lsa_SidType *type)
@@ -3230,7 +3231,7 @@ bool lookup_cached_name(const char *domain_name,
 	NTSTATUS status;
 	bool original_online_state;
 
-	domain = find_lookup_domain_from_name(domain_name);
+	domain = find_lookup_domain_from_name(namespace);
 	if (domain == NULL) {
 		return false;
 	}
diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c
index 039e653..ddeaf1d 100644
--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -43,8 +43,9 @@ static bool client_can_access_ccache_entry(uid_t client_uid,
 	return False;
 }
 
-static NTSTATUS do_ntlm_auth_with_stored_pw(const char *username,
+static NTSTATUS do_ntlm_auth_with_stored_pw(const char *namespace,
 					    const char *domain,
+					    const char *username,
 					    const char *password,
 					    const DATA_BLOB initial_msg,
 					    const DATA_BLOB challenge_msg,
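Review bot: The signature change on `do_ntlm_auth_with_stored_pw()` does more than add `namespace`: it also moves `username` from the first position to after `domain`. All three are `const char *`, so any caller still using the old order would compile without a warning and authenticate with user and domain swapped. The one call visible in this diff is updated correctly; please state in the commit message that the order changed, and confirm there are no other callers.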
@@ -182,11 +183,12 @@ static bool check_client_uid(struct winbindd_cli_state *state, uid_t uid)
 void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
 {
 	struct winbindd_domain *domain;
-	fstring name_domain, name_user;
+	fstring name_namespace, name_domain, name_user;
 	NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
 	struct WINBINDD_MEMORY_CREDS *entry;
 	DATA_BLOB initial, challenge, auth;
 	uint32_t initial_blob_len, challenge_blob_len, extra_len;
+	bool ok;
 
 	/* Ensure null termination */
 	state->request->data.ccache_ntlm_auth.user[
@@ -197,8 +199,11 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
 
 	/* Parse domain and username */
 
-	if (!canonicalize_username(state->request->data.ccache_ntlm_auth.user,
-				name_domain, name_user)) {
+	ok = canonicalize_username(state->request->data.ccache_ntlm_auth.user,
+				   name_namespace,
+				   name_domain,
+				   name_user);
+	if (!ok) {
 		DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n",
 			state->request->data.ccache_ntlm_auth.user));
 		request_error(state);
@@ -238,7 +243,11 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
 	}
 
 	/* Parse domain and username */
-	if (!parse_domain_user(state->request->data.ccache_ntlm_auth.user, name_domain, name_user)) {
+	ok = parse_domain_user(state->request->data.ccache_ntlm_auth.user,
+			       name_namespace,
+			       name_domain,
+			       name_user);
+	if (!ok) {
 		DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse "
 			"domain and user from name [%s]\n",
 			state->request->data.ccache_ntlm_auth.user));
@@ -273,10 +282,16 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
 		state->request->data.ccache_ntlm_auth.challenge_blob_len);
 
 	result = do_ntlm_auth_with_stored_pw(
-		name_user, name_domain, entry->pass,
-		initial, challenge, talloc_tos(), &auth,
-		state->response->data.ccache_ntlm_auth.session_key,
-		&state->response->data.ccache_ntlm_auth.new_spnego);
+			name_namespace,
+			name_domain,
+			name_user,
+			entry->pass,
+			initial,
+			challenge,
+			talloc_tos(),
+			&auth,
+			state->response->data.ccache_ntlm_auth.session_key,
+			&state->response->data.ccache_ntlm_auth.new_spnego);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto process_result;
@@ -304,8 +319,9 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
 void winbindd_ccache_save(struct winbindd_cli_state *state)
 {
 	struct winbindd_domain *domain;
-	fstring name_domain, name_user;
+	fstring name_namespace, name_domain, name_user;
 	NTSTATUS status;
+	bool ok;
 
 	/* Ensure null termination */
 	state->request->data.ccache_save.user[
@@ -319,8 +335,11 @@ void winbindd_ccache_save(struct winbindd_cli_state *state)
 
 	/* Parse domain and username */
 
-	if (!canonicalize_username(state->request->data.ccache_save.user,
-				   name_domain, name_user)) {
+	ok = canonicalize_username(state->request->data.ccache_save.user,
+				   name_namespace,
+				   name_domain,
+				   name_user);
+	if (!ok) {
 		DEBUG(5,("winbindd_ccache_save: cannot parse domain and user "
 			 "from name [%s]\n",
 			 state->request->data.ccache_save.user));
diff --git a/source3/winbindd/winbindd_creds.c b/source3/winbindd/winbindd_creds.c
index 15cca55..2d7aacf 100644
--- a/source3/winbindd/winbindd_creds.c
+++ b/source3/winbindd/winbindd_creds.c
@@ -76,7 +76,8 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
 
 		enum lsa_SidType type;
 
-		if (!lookup_cached_name(domain->name,
+		if (!lookup_cached_name(domain->name, /* namespace */
+					domain->name,
 					user,
 					&cred_sid,
 					&type)) {
diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c
index 02d9abc..37c205d 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -22,7 +22,7 @@
 
 struct winbindd_getgrnam_state {
 	struct tevent_context *ev;
-	fstring name_domain, name_group;
+	fstring name_namespace, name_domain, name_group;
 	struct dom_sid sid;
 	const char *domname;
 	const char *name;
@@ -42,6 +42,7 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
 	struct winbindd_getgrnam_state *state;
 	char *tmp;
 	NTSTATUS nt_status;
+	bool ok;
 
 	req = tevent_req_create(mem_ctx, &state,
 				struct winbindd_getgrnam_state);
@@ -66,7 +67,15 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
 
 	/* Parse domain and groupname */
 
-	parse_domain_user(tmp, state->name_domain, state->name_group);
+	ok = parse_domain_user(tmp,
+			       state->name_namespace,
+			       state->name_domain,
+			       state->name_group);
+	if (!ok) {
+		DBG_INFO("Could not parse domain user: %s\n", tmp);
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return tevent_req_post(req, ev);
+	}
 
 	/* if no domain or our local domain and no local tdb group, default to
 	 * our local domain for aliases */
@@ -76,7 +85,10 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
 		fstrcpy(state->name_domain, get_global_sam_name());
 	}
 
-	subreq = wb_lookupname_send(state, ev, state->name_domain, state->name_group,
+	subreq = wb_lookupname_send(state, ev,
+				    state->name_namespace,
+				    state->name_domain,
+				    state->name_group,
 				    0);
 	if (tevent_req_nomem(subreq, req)) {
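Review bot: In the context just above the changed call, `fstrcpy(state->name_domain, get_global_sam_name())` defaults the domain to the local SAM name, but `state->name_namespace` is left as the parser produced it. Since `wb_lookupname_send()` now picks the lookup domain from the namespace argument, a group name without a domain part could be routed by an empty namespace while `name_domain` says local SAM. Either set `name_namespace` alongside `name_domain` in that branch or add a comment explaining why the two are allowed to differ here.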


-- 
Samba Shared Repository


